Canada's Anti-Spam Legislation (CASL) was enacted July 1st, 2014. The legislation requires businesses operating in Canada or sending commercial electronic messages (CEM) to Canadian residents to receive consent before sending those residents messages.
The anti-spam law is enforced by three different Canadian organizations: the Office of the Privacy Commissioner of Canada (OPC), Canadian Radio-television and Telecommunications Commission (CRTC), and the Federal Competition Bureau. A CASL violation will put a serious dent in your company account. Individual CASL violators may be required to pay $1 million CAD (approximately 788,000 USD) per violation. Business violators can be fined up to $10 million CAD.
CASL was the most stringent legislation of its kind in 2014, and it created uncertainty among marketers similar to the GDPR. It also caused anxiety among Canadian businesses who believed it would handicap them when competing globally.One of the chief reasons for its creation was to reduce the number of unsolicited emails Canadian consumers received. Unlike the GDPR (whose critics claim enforcement lagged behind enactment), CASL had an immediate impact. According to Cloudmark Inc., there was a 37% reduction in Canadian-based spam in the year following the creation of CASL.
As technology and spam has evolved, so has the definition of a commercial electronic message. CEM now includes text/SMS messages, voice, and private social media communications sent for commercial purposes.
In this article, we are going to focus on creating a CASL compliant email marketing program. There are 3 main requirements of CASL: acquire consent before sending a commercial message, identify the organization/individual seeking consent, and provide subscribers with the option to unsubscribe.
This type of consent requires explicit permission (written or oral) before an individual receives a commercial email. This type of consent can be harder to obtain than implied consent; however, once it’s obtained it has no time limitation, although email subscribers retain the right to opt-out at any time. The most common way for organizations to acquire express consent is through an online opt-in form.
Express consent is the preferred method of consent, but CASL allows for organizations to send CEMs based on implied consent in certain situations.
Implied consent applies to situations where there's an existing business or non-business relationship between the organization and email recipient. Examples of an existing business relationship include individuals who have requested a proposal or submitted an application, as well as customers. Examples of an existing non-business relationship include membership or participation with the organization.
Additionally, individuals who post their email addresses online without a message stating they don't want to receive CEMs are fair game under CASLs implied consent. This includes email addresses that are posted on a company site, LinkedIn, etc. Unlike express consent, implied consent has a time limitation. The Canadian Radio-television and Telecommunications Commission specifies that implied consent is only valid for a period of 6 months to 2 years depending on the basis of consent.
It's important for organizations to establish policies and training related to CASL. Whether it's CASL or another piece of legislation, "I didn't know" is not a good legal defense. It is your organization's responsibility to ensure commercial activity is compliant. Educating your team about your policy will reinforce the need for marketing efforts to be CASL compliant.
In the event of complaints to the Canadian Radio-Television and Telecommunications Commission against your organization, it will be useful to have records of past marketing campaigns, CEMs sent, unsubscribe requests, and completed consent forms. For more details on recording consent visit this link from the CRTC.
Just like other major pieces of anti-spam regulation, CASL requires organizations and individuals to clearly identify themselves to their email recipients.
CASL specifically requires commercial messages to include business name, current mailing address, and valid contact information (phone number, email, or website address) that will remain valid for at least 60 days after the message is sent.
The image above shows how the New York Times included their identification information in their email footer.
To be CASL compliant, organizations must include the option to unsubscribe in all CEMs sent after receiving consent.
Regardless of the type of consent (implied or express), unsubscribe requests must be processed within 10 days (the same number of business days required under the CAN-SPAM Act).
Including an unsubscribe mechanism in marketing emails has become a standard of most legislation policing transactional messages. This was quickly reflected by email marketing software. This makes sending an email campaign without the option to opt-out a terrible look for any organization in 2021.
It's important to familiarize yourself with anti-spam legislation in the countries, states, and territories in which your organization operates. Not knowing isn't an excuse. If you find yourself questioning whether or not your marketing violates anti-spam legislation, you should either go back to the drawing board or seek legal counsel. "I didn't know" is not a sufficient legal defense, and it will not protect your organization from criminal charges or monetary penalties.